21 Zero-Days in FFmpeg | depthfirst
depthfirst.com
depthfirst's production autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, after intensive security analysis by Google and Anthropic. Moving beyond theoretical analysis, our agent produces concrete, reproducible PoC inputs to confirm its findings at a fraction of the costs ($1k vs. $10k). Several of the findings had been sitting latent for 15 to 20 years. We explored the exploitability of the issues and developed a PoC demonstrating a RCE exploit primitive.

TLDR: depthfirst’s production autonomous security agent discovered 21 zero-day vulnerabilities in FFmpeg, after intensive security analysis by Google and Anthropic. Moving beyond theoretical analysis, our agent produces concrete, reproducible PoC inputs to confirm its findings at a fraction of the costs ($1k vs. $10k). Several of the findings had been sitting latent for 15 to 20 years. We explored the exploitability of the issues and developed a PoC demonstrating a RCE exploit primitive.

  • Venator@lemmy.nzEnglish
    51·
    12 days ago

    I guess they must’ve published this without notifying ffmpeg first?

      • Venator@lemmy.nzEnglish
        3·
        12 days ago

        dunno, I didn’t open the article because the title claims they did and I don’t want to encourage that sort of behavior with engagement 😜